News from the wonderful world of directories
Erik Andersen, Denmark
International Telecommunication Union
ITU-T Study Group 17, Moscow, 30 March – 8 April 2005
Agenda
The position of X.500/LDAP
X.500 enhancements
  a) Concept of Friends Attributes
  b) Paging on the DSP
  c) Maximum alignment with LDAP
  d) Enhancements to Public-key and Attribute certificates
Enhancements to E.115
  a) Functional enhancements
  b) XML access
The X.500/LDAP Directory
An LDAP or X.500 directory is a general purpose directory
Gives a set of specifications for:
  how objects are represented by entries in a directory
  how objects represented in a directory are named
  how information about objects is created, organised, interrogated, updated and deleted
A directory can be distributed allowing:
  the establishment of a global Directory
  information to be maintained by the owner of information
  a separation between public and private domains
  possibility for replication of information
Relationship between X.500 and LDAP (Lightweight Directory Access Protocol)
LDAP originally developed for X.500 access
Later developed own server specifications
Uses the X.500 model
Identical in many ways, except for syntax:
  X.500: Full use of ASN.1
  LDAP: Simple ASN.1 and Augmented Backus-Naur Form (ABNF)
Most X.500 implementations support LDAP
LDAP widely implemented and used
Editions of X.500 Directory Specifications
Developed by ISO/IEC and ITU-T (former CCITT) as:
  ISO/IEC 9594 multi-part International Standard
  ITU-T X.500 Series of Recommendations
Four editions so far:
  Edition 1: ISO/IEC 9594:1990 | CCITT X.500 (1988)
  Edition 2: ISO/IEC 9594:1995 | ITU-T X.500 (1993)
  Edition 3: ISO/IEC 9594:1998 | ITU-T X.500 (1997)
  Edition 4: ISO/IEC 9594:2001 | ITU-T X.500 (2001)
X.500 5th edition enhancements
Expected publication: During 2005
  Concept of Friends Attributes
  Paging on the DSP
  Maximum alignment with LDAP
  Enhancements to Public-key and Attribute certificates
Friend attributes
Attribute subtyping – same syntax:
  name
    commonName
    surname
    localityName
    givenName
Friend attributes – possibly different syntaxes:
  commAddress
    telephoneNumber (E.164 syntax)
    url (RFC 1738 syntax)
    email (RFC 822 syntax)
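Added example (not from the presentation): a small Python filter evaluator showing the difference between the two expansions on this slide. A filter item on name is evaluated against its subtypes, which share the DirectoryString syntax, while a filter item on commAddress is evaluated against friends with different syntaxes, so each friend applies its own matching rule. The SUBTYPES and FRIENDS tables are the slide's; the matching rules are simplified stand-ins for the X.520 rules and the entry is constructed.

```python
import re

# Attribute subtyping from the slide: a filter item on "name" is also evaluated
# against its subtypes, which share the same syntax (DirectoryString).
SUBTYPES = {
    "name": ["commonName", "surname", "localityName", "givenName"],
}

# Friend attributes from the slide: commAddress is an anchor whose friends have
# different syntaxes, so each friend needs its own matching rule.
FRIENDS = {
    "commAddress": ["telephoneNumber", "url", "email"],
}


def match_case_ignore(stored, asserted):
    # Simplified caseIgnoreMatch (assumption): case-insensitive, insignificant spaces collapsed.
    return stored.casefold().split() == asserted.casefold().split()


def match_telephone(stored, asserted):
    # Simplified telephoneNumberMatch (assumption): E.164 digits compared after
    # dropping spaces, dots, hyphens and parentheses; a non-number never matches.
    digits = lambda s: re.sub(r"[\s.\-()]", "", s)
    return bool(re.fullmatch(r"\+?\d+", digits(asserted))) and digits(stored) == digits(asserted)


def match_url(stored, asserted):
    # RFC 1738 URLs compared exactly; paths are case-sensitive (assumption).
    return "://" in asserted and stored == asserted


def match_email(stored, asserted):
    # Simplified caseIgnoreIA5Match for RFC 822 addresses (assumption).
    return "@" in asserted and stored.casefold() == asserted.casefold()


MATCHING_RULES = {
    "commonName": match_case_ignore,
    "surname": match_case_ignore,
    "localityName": match_case_ignore,
    "givenName": match_case_ignore,
    "telephoneNumber": match_telephone,
    "url": match_url,
    "email": match_email,
}


def expand(attr_type):
    """Attribute types a filter item on attr_type is evaluated against:
    the type itself, its subtypes (recursively) and its friends."""
    types = [attr_type]
    for sub in SUBTYPES.get(attr_type, []):
        types.extend(expand(sub))
    types.extend(FRIENDS.get(attr_type, []))
    return types


def entry_matches(entry, attr_type, asserted):
    """Evaluate an equality filter item against an entry.
    Returns the attribute type whose value matched, or None."""
    for candidate in expand(attr_type):
        rule = MATCHING_RULES.get(candidate)
        if rule is None:
            continue  # abstract types such as name and commAddress hold no values here
        for stored in entry.get(candidate, []):
            if rule(stored, asserted):
                return candidate
    return None


# Constructed sample entry; the values are made up for the example.
ENTRY = {
    "commonName": ["Erik Andersen"],
    "surname": ["Andersen"],
    "givenName": ["Erik"],
    "telephoneNumber": ["+45 12 34 56 78"],
    "url": ["http://www.example.org/~erik"],
    "email": ["erik.andersen@example.org"],
}

if __name__ == "__main__":
    print(entry_matches(ENTRY, "name", "andersen"))                          # surname
    print(entry_matches(ENTRY, "commAddress", "+4512345678"))                # telephoneNumber
    print(entry_matches(ENTRY, "commAddress", "Erik.Andersen@Example.org"))  # email
    print(entry_matches(ENTRY, "commAddress", "Andersen"))                   # None
```

A point worth checking in any implementation of friendship: an assertion in one friend's syntax (a telephone number) must not be force-fitted into another friend's rule (an e-mail address). Each rule above first checks that the asserted value is in its own syntax and otherwise returns FALSE instead of raising.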
Paged results on the DSP
Diagram: the user's DUA binds over DAP to the Bound DSA; the Bound DSA chains the request over DSP through further DSAs. Two places where paging can be applied: DSP paged result (between DSAs) and Bound-DSA paged result (at the Bound DSA).
Relationship between X.500 and LDAP (Lightweight Directory Access Protocol)
Diagram: X.500 and LDAP (before alignment)

Relationship between X.500 and LDAP with maximum alignment
Diagram: X.500 and LDAP (with maximum alignment)
Maximum X.500 alignment with LDAP
NOTE – One-way alignment
o Alignment of concepts – add LDAP concepts to X.500 so that LDAP concepts become a subset of X.500 concepts
o Simplify specifications – remove the dependency on lower-layer documentation
o Alignment of operations (replace value)
o Multiple namespaces (Directory Information Trees)
o Directory consisting of a mix of LDAP and X.500 servers
o ISO 10646 (UTF-8) matching
o Component matching
A distributed directory
Diagram: one directory made up of DSAs and LDAP servers. A user with a DUA reaches a DSA over DAP; an LDAP user client reaches an LDAP server or a DSA over LDAP; DSAs chain to each other over DSP and to an LDAP server over LDAP.
Matching problem
Filter:
  keyUsage = digitalSignature
  AND
  policyIdentifier = { a b d }
Directory entry, one attribute with two values:
  Certificate 1: keyUsage = digitalSignature
                 certificatePolicies = { … policyIdentifier = { a.b.c } }
  Certificate 2: keyUsage = dataEncipherment
                 certificatePolicies = { … policyIdentifier = { a.b.d } }
Neither certificate satisfies both filter items, yet evaluating each item against the attribute as a whole would return the entry.
Component matching rule
An attribute value consists of components (m, n, o, …); a ComponentMatch is asserted against one component (here component n) and evaluates to TRUE if that component matches.
Component assertions can be combined by AND, OR and NOT operations in any combination and nesting level onto a particular attribute value of a particular attribute type.
Evaluates to TRUE if just one attribute value of the attribute type evaluates to TRUE.
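Added example (not from the presentation) of the two ways the filter from the matching-problem slide can be evaluated, in Python. attribute_level_match evaluates each component assertion against the attribute as a whole and then ANDs the results, so Certificate 1 supplies the keyUsage and Certificate 2 the policyIdentifier and the entry wrongly matches; a relying party selecting on that result could end up with a certificate that fails the policy it asked for. component_match applies the whole filter to one attribute value at a time, as the component matching rule requires. The certificate values are constructed and reduced to the two components the slide uses; the tuple filter representation is this example's own.

```python
# Certificate attribute values reduced to the components a component matching
# rule can address. Constructed sample values modelled on the slide.
CERTIFICATES = [
    {"serial": 1, "keyUsage": {"digitalSignature"}, "policyIdentifier": {"a.b.c"}},
    {"serial": 2, "keyUsage": {"dataEncipherment"}, "policyIdentifier": {"a.b.d"}},
]

# The filter from the slide: keyUsage = digitalSignature AND policyIdentifier = a.b.d.
# Filters are nested tuples: ("item", component, value), ("and", ...), ("or", ...), ("not", f).
FILTER = ("and",
          ("item", "keyUsage", "digitalSignature"),
          ("item", "policyIdentifier", "a.b.d"))


def evaluate_on_value(filter_, value):
    """ComponentMatch semantics: every assertion in the filter is evaluated
    against the components of this one attribute value."""
    op = filter_[0]
    if op == "item":
        _, component, asserted = filter_
        return asserted in value.get(component, set())
    if op == "and":
        return all(evaluate_on_value(f, value) for f in filter_[1:])
    if op == "or":
        return any(evaluate_on_value(f, value) for f in filter_[1:])
    if op == "not":
        return not evaluate_on_value(filter_[1], value)
    raise ValueError(f"unknown filter operator {op!r}")


def component_match(values, filter_):
    """TRUE if at least one attribute value satisfies the whole filter."""
    return any(evaluate_on_value(filter_, v) for v in values)


def attribute_level_match(values, filter_):
    """The evaluation the 'Matching problem' slide warns against: each assertion
    is satisfied if ANY value has the component, and the results are combined
    afterwards, so two different certificates can jointly 'match'."""
    op = filter_[0]
    if op == "item":
        return any(evaluate_on_value(filter_, v) for v in values)
    if op == "and":
        return all(attribute_level_match(values, f) for f in filter_[1:])
    if op == "or":
        return any(attribute_level_match(values, f) for f in filter_[1:])
    if op == "not":
        return not attribute_level_match(values, filter_[1])
    raise ValueError(f"unknown filter operator {op!r}")


def matching_certificates(values, filter_):
    """Serial numbers of the values that individually satisfy the filter."""
    return [v["serial"] for v in values if evaluate_on_value(filter_, v)]


if __name__ == "__main__":
    print("attribute-level:", attribute_level_match(CERTIFICATES, FILTER))  # True (wrong)
    print("component match:", component_match(CERTIFICATES, FILTER))        # False
    print("certificates that really match:", matching_certificates(CERTIFICATES, FILTER))  # []
```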
DirectoryString
DirectoryString { INTEGER : maxSize } ::= CHOICE {
  teletexString    TeletexString (SIZE (1..maxSize)),
  printableString  PrintableString (SIZE (1..maxSize)),
  bmpString        BMPString (SIZE (1..maxSize)),
  universalString  UniversalString (SIZE (1..maxSize)),
  uTF8String       UTF8String (SIZE (1..maxSize)) }
ISO/IEC 10646 - The base character set standard
ISO/IEC 10646 - Universal Multiple-Octet Coded Character Set (UCS)
Every character is coded in 4 octets (canonical form)
Allows encoding of all characters used by written languages all over the world
The practical realisation is specified in the Unicode standard (produced by a consortium)
Supports multiple encoding formats:
  UTF-8 - octet oriented
  BMP (UCS-2) - half word oriented
  UTF-16 - half word oriented
  UCS-4 (UTF-32) - word oriented
UCS Transformation Format 8 (UTF-8)
Defined in Annex D of ISO/IEC 10646-1 : 2003, Universal Multiple-Octet Coded Character Set (UCS)
Required by (almost) all Internet specifications
Format of octets in a UTF-8 sequence
Octet usage              Format (binary)   No. of free bits   Max UCS-4 value
1st of 1                 0xxxxxxx          7                  00 00 00 7F
1st of 2                 110xxxxx          5                  00 00 07 FF
1st of 3                 1110xxxx          4                  00 00 FF FF
1st of 4                 11110xxx          3                  00 1F FF FF
1st of 5                 111110xx          2                  03 FF FF FF
1st of 6                 1111110x          1                  7F FF FF FF
Continuation, 2nd..6th   10xxxxxx          6
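Added example (not from the presentation): a Python decoder that implements the lead-byte rows of this table and accepts only the single shortest form of each character. The 5- and 6-octet rows come from the original Annex D; RFC 3629 and current ISO/IEC 10646 restrict UTF-8 to four octets and U+10FFFF, and the decoder treats those rows as errors. Overlong forms matter for a directory because they give one character several encodings (C0 AF for '/' in the constructed input below), which defeats octet-wise comparison and any check performed before decoding.

```python
# Lead-byte forms from the table: (mask, pattern, continuation octets, smallest
# code point that genuinely needs this length). The 5- and 6-octet rows are
# recognised only so they can be rejected with a clear reason.
LEAD_FORMS = [
    (0x80, 0x00, 0, 0x0),        # 0xxxxxxx  7 free bits
    (0xE0, 0xC0, 1, 0x80),       # 110xxxxx  5 free bits
    (0xF0, 0xE0, 2, 0x800),      # 1110xxxx  4 free bits
    (0xF8, 0xF0, 3, 0x10000),    # 11110xxx  3 free bits
    (0xFC, 0xF8, 4, 0x200000),   # 111110xx  2 free bits (obsolete)
    (0xFE, 0xFC, 5, 0x4000000),  # 1111110x  1 free bit  (obsolete)
]


def decode_utf8_strict(data):
    """Decode bytes as UTF-8, rejecting every form that would give a character a
    second representation: overlong sequences, UTF-16 surrogates, code points
    above U+10FFFF (which covers all 5- and 6-octet sequences), stray
    continuation bytes and truncated sequences."""
    out = []
    i, n = 0, len(data)
    while i < n:
        b0 = data[i]
        for mask, pattern, ncont, minimum in LEAD_FORMS:
            if (b0 & mask) == pattern:
                break
        else:
            raise ValueError(f"offset {i}: {b0:#04x} is a continuation byte or 0xFE/0xFF, not a lead byte")
        if ncont > 3:
            raise ValueError(f"offset {i}: {ncont + 1}-octet sequence; UTF-8 is limited to 4 octets (RFC 3629)")
        if i + ncont >= n:
            raise ValueError(f"offset {i}: sequence needs {ncont + 1} octets, only {n - i} left")
        cp = b0 & (~mask & 0xFF)          # the free bits of the lead byte
        for k in range(1, ncont + 1):
            b = data[i + k]
            if (b & 0xC0) != 0x80:
                raise ValueError(f"offset {i + k}: expected continuation byte 10xxxxxx, got {b:#04x}")
            cp = (cp << 6) | (b & 0x3F)   # six free bits per continuation byte
        if cp < minimum:
            raise ValueError(f"offset {i}: overlong encoding of U+{cp:04X} in {ncont + 1} octets")
        if 0xD800 <= cp <= 0xDFFF:
            raise ValueError(f"offset {i}: U+{cp:04X} is a UTF-16 surrogate, not a character")
        if cp > 0x10FFFF:
            raise ValueError(f"offset {i}: U+{cp:X} is above U+10FFFF")
        out.append(chr(cp))
        i += ncont + 1
    return "".join(out)


def is_valid_utf8(data):
    """True if decode_utf8_strict accepts the octet string."""
    try:
        decode_utf8_strict(data)
        return True
    except ValueError:
        return False


# Constructed inputs: '/' in its only legal form and in an overlong 2-octet form.
SLASH = b"/"
OVERLONG_SLASH = b"\xc0\xaf"   # 110 00000  10 101111 -> U+002F, but in 2 octets

if __name__ == "__main__":
    for sample in (SLASH, OVERLONG_SLASH, "Ærø".encode("utf-8"), b"\xf8\x88\x80\x80\x80"):
        try:
            print(sample.hex(), "->", repr(decode_utf8_strict(sample)))
        except ValueError as err:
            print(sample.hex(), "-> rejected:", err)
```

The same rejections are applied by Python's own bytes.decode("utf-8"); the hand-written version exists so the reader can see which row of the table each check corresponds to.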
First problem
We need to compare names and values
Some characters may be represented in several ways
It is not possible to do a simple bitwise comparison to check if two names or values are equal!
Second problem
Comparison is most often done disregarding case differences
All upper case letters have to be converted to lower case letters before comparison
String preparation
Applied to both text strings before they are compared:
  Text string -> Transcoding -> Transcoded string -> Mapping -> Mapped string -> Normalise -> Normalised string
Octet-wise comparison of the two normalised strings
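Added example (not from the presentation): the pipeline above written out in Python with the standard unicodedata module, applied to constructed strings that a bitwise comparison would call different: one precomposed in Latin-1, one decomposed in UTF-8, one in upper case with a soft hyphen inside. The choice of NFKC and Unicode case folding is an assumption taken from RFC 4518, the LDAP string preparation profile; X.520 defines its own mapping tables.

```python
import unicodedata


def transcode(data, encoding):
    """Step 1: bring both strings into one character set (Unicode code points)."""
    return data.decode(encoding)


def map_string(text):
    """Step 2: drop characters with no matching significance and fold case.
    Assumption: control (Cc) and format (Cf) characters, which include the soft
    hyphen and zero-width joiner, are deleted; Unicode case folding stands in
    for the X.520 case mapping."""
    kept = "".join(ch for ch in text if unicodedata.category(ch) not in ("Cc", "Cf"))
    return kept.casefold()


def normalise(text):
    """Step 3: one canonical form for characters that have several representations.
    NFKC is the form RFC 4518 uses (assumption that it also serves here)."""
    return unicodedata.normalize("NFKC", text)


def prepare(data, encoding):
    """Full pipeline; the result is what the octet-wise comparison operates on."""
    return normalise(map_string(transcode(data, encoding))).encode("utf-8")


def equal_after_prep(data_a, enc_a, data_b, enc_b):
    """Octet-wise comparison of the two prepared strings."""
    return prepare(data_a, enc_a) == prepare(data_b, enc_b)


# Constructed sample values.
LATIN1_NAME = "Ångström".encode("latin-1")                 # precomposed, Latin-1 transfer syntax
UTF8_DECOMPOSED = "A\u030angstro\u0308m".encode("utf-8")   # A + combining ring, o + combining diaeresis
UTF8_SOFT_HYPHEN = "ÅNG\u00adSTRÖM".encode("utf-8")        # upper case with a soft hyphen inside

if __name__ == "__main__":
    print("bitwise equal:", "Ångström".encode("utf-8") == UTF8_DECOMPOSED)              # False
    print("equal after preparation:", equal_after_prep(LATIN1_NAME, "latin-1", UTF8_DECOMPOSED, "utf-8"))  # True
    print("prepared form:", prepare(UTF8_SOFT_HYPHEN, "utf-8"))
```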
X.509 enhancements
Notice of future revocation
Notice of revoked group of entries
Expired certificates on CRLs
Advanced certificate matching rule
XML encoded privilege information
Clarifications
Misc. enhancements to PMI
Etc.
EIDQ Association
Members (30 as at 17 Feb 2004)
Source: David Stafford, General Secretary EIDQ Association
E.115 - Computerized directory assistance
Diagram: a user asks an operator; the operator's local server exchanges E.115 protocol messages with an international server.
ITU-T Rec. E.115 (2005) Computerized Directory Assistance
OSI stack removed
Home-grown TCP/IP support integrated into the text
Specifies two versions of the protocol
Version 1:
• The 1995 edition + all agreed extensions
• All keywords specified in an Annex
• Complete rewrite and restructuring of the 1995 edition
• Added clarifications
• ASN.1 BER encoding
• Support mandatory
Version 2:
• Keywords replaced by new fields – keyword concept no longer used
• Several new enhancements
• ASN.1 BER and XML (or ASN.1 XER) encoding
• Future extensions using ITU-T procedure
Version 2 design criteria
o Keep backward compatibility
  • Unchanged fields use the same tag
  • Tags reserved for obsolete fields
  • Common text for unchanged fields
o Keep ASN.1 and XML Schema Definitions (XSD) aligned
  • ASN.1 XER encoding will produce the same encoding as the XSD
  • ASN.1 EXTENDED-XER encoding instruction used
Example of ASN.1 specification
InquiryPart1 ::= [TAG: APPLICATION 0] IMPLICIT SET {
  messageIndicators        [ATTRIBUTE] [TAG: 0] IMPLICIT E115String (SIZE(4)),
  internationalIndicator   [ATTRIBUTE] [TAG: 1] IMPLICIT E115NumericString (SIZE(8)),
  originatingTerminalCode  [ATTRIBUTE] [TAG: 2] IMPLICIT E115String (SIZE(8)),
  dateAndTime              [ATTRIBUTE] [TAG: 3] IMPLICIT E115NumericString (SIZE(12)) OPTIONAL,
  messageNumber            [ATTRIBUTE] [TAG: 4] IMPLICIT E115String (SIZE(4)) OPTIONAL }
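Added example (not from E.115 or the presentation): a Python encoder and decoder for the InquiryPart1 value above that applies the SIZE and OPTIONAL constraints both when producing and when accepting the XML form, which is the practical benefit of keeping the ASN.1 and the XSD aligned: a peer's document is checked against exactly the constraints the ASN.1 states. The element and attribute naming follows the [ATTRIBUTE] instruction as this example reads it; the character repertoires of E115String and E115NumericString are assumptions, as E.115 defines those types and this example does not.

```python
import re
import xml.etree.ElementTree as ET

# Component table transcribed from the InquiryPart1 definition above:
# (name, ASN.1 type, fixed size, optional). The [ATTRIBUTE] instruction applies
# to every component, so each becomes an XML attribute of the InquiryPart1 element.
INQUIRY_PART1 = [
    ("messageIndicators",       "E115String",        4,  False),
    ("internationalIndicator",  "E115NumericString", 8,  False),
    ("originatingTerminalCode", "E115String",        8,  False),
    ("dateAndTime",             "E115NumericString", 12, True),
    ("messageNumber",           "E115String",        4,  True),
]

# Assumed character repertoires; E.115 itself defines these types.
TYPE_PATTERNS = {
    "E115String": re.compile(r"[A-Za-z0-9 ]*"),
    "E115NumericString": re.compile(r"[0-9]*"),
}


def validate(values):
    """Apply the SIZE and OPTIONAL constraints of the ASN.1 definition.
    Returns a list of problems; an empty list means the value is valid."""
    problems = []
    known = {name for name, _, _, _ in INQUIRY_PART1}
    for extra in sorted(set(values) - known):
        problems.append(f"unknown component {extra!r}")
    for name, asn1_type, size, optional in INQUIRY_PART1:
        if name not in values:
            if not optional:
                problems.append(f"{name} is mandatory")
            continue
        v = values[name]
        if len(v) != size:
            problems.append(f"{name} must be exactly {size} characters, got {len(v)}")
        if not TYPE_PATTERNS[asn1_type].fullmatch(v):
            problems.append(f"{name} contains characters outside {asn1_type}")
    return problems


def to_xml(values):
    """Extended-XER style encoding: a SET whose components all carry [ATTRIBUTE]
    becomes one element with the components as attributes (assumed naming)."""
    problems = validate(values)
    if problems:
        raise ValueError("; ".join(problems))
    elem = ET.Element("InquiryPart1")
    for name, _, _, _ in INQUIRY_PART1:
        if name in values:
            elem.set(name, values[name])
    return ET.tostring(elem, encoding="unicode")


def from_xml(xml_text):
    """Decode and re-validate, so a peer's document meets the same constraints."""
    elem = ET.fromstring(xml_text)
    if elem.tag != "InquiryPart1":
        raise ValueError(f"unexpected element {elem.tag!r}")
    values = dict(elem.attrib)
    problems = validate(values)
    if problems:
        raise ValueError("; ".join(problems))
    return values


# Constructed sample value; the field contents are made up for the example.
SAMPLE = {
    "messageIndicators": "ABCD",
    "internationalIndicator": "00000045",
    "originatingTerminalCode": "DK000001",
}

if __name__ == "__main__":
    doc = to_xml(SAMPLE)
    print(doc)
    print(from_xml(doc) == SAMPLE)          # True
    print(validate({**SAMPLE, "dateAndTime": "2005033012"}))  # size violation reported
```

When the XML arrives from an untrusted peer, parse it with defusedxml rather than xml.etree directly; the validation above checks the content of the fields, not the parser's handling of entity expansion.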
Proximity search
END